CVSS: 6.8EPSS: 3%CPEs: 13EXPL: 0CVE-2008-0309
https://notcve.org/view.php?id=CVE-2008-0309
Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). Vulnerabilidad de Desbordamiento de búfer basado en pila en Symantec Decomposer incluído en productos como Symantec Scan Engine 5.1.2 y versiones anteriores a 5.1.6.31, que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de un fichero RAR mal formado al puerto (1344/tcp) Internet Content Adaptation Protocol (ICAP) • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667 http://secunia.com/advisories/29140 http://www.securityfocus.com/bid/27913 http://www.securitytracker.com/id?1019503 http://www.symantec.com/avcenter/security/Content/2008.02.27.html http://www.vupen.com/english/advisories/2008/0680 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0CVE-2008-0308
https://notcve.org/view.php?id=CVE-2008-0308
Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). Symantec Decomposer, como se usa en ciertos productos antivirus Symantec incluyendo Symantec Scan Engine 5.1.2 y otras versiones antes de 5.1.6.31, permite a atacantes remotos provocar una denegación de servicio (agotamiento de memoria) a través de un archivo RAR mal formado al puerto (1344/tcp) del Internet Content Adaptation Protocol (ICAP) (Protocolo de Adaptación de Contenido de Internet). • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=666 http://secunia.com/advisories/29140 http://www.securityfocus.com/bid/27911 http://www.securitytracker.com/id?1019503 http://www.symantec.com/avcenter/security/Content/2008.02.27.html http://www.vupen.com/english/advisories/2008/0680 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 2%CPEs: 2EXPL: 0CVE-2007-4516
https://notcve.org/view.php?id=CVE-2007-4516
The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets. Volume Manager Scheduler Service (también conocido como VxSchedService.exe) de Symantec Veritas Storage Foundation 5.0 para Windows permite a atacantes remotos provocar una denegación de servicio (cuelgue o caída del demonio) a través de paquetes malformados. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=665 http://secunia.com/advisories/29033 http://securitytracker.com/id?1019458 http://www.securityfocus.com/bid/27440 http://www.symantec.com/avcenter/security/Content/2008.02.20.html http://www.vupen.com/english/advisories/2008/0624 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 91%CPEs: 7EXPL: 0CVE-2008-0638 – Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0638
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size. Desbordamiento de búfer basado en memoria libre para la reserva dinámica (heap) en el servicio Veritas Enterprise Administrator (VEA)(también conocido como vxsvc.exe) de Symantec Veritas Storage Foundation 5.0 permite a atacantes remotos ejecutar código de su elección a través de un paquete con valores manipulados de un campo de determinado tamaño, lo cual no es comprobado para la consistencia con el tamaño real del búfer. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec VERITAS Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Administrator service, vxsvc.exe, which listens by default on UDP port 3207. The process trusts a user-supplied size value, receiving the specified amount of data into a static heap buffer. • http://secunia.com/advisories/29050 http://securitytracker.com/id?1019459 http://www.securityfocus.com/archive/1/488420/100/0/threaded http://www.securityfocus.com/bid/25778 http://www.symantec.com/avcenter/security/Content/2008.02.20a.html http://www.zerodayinitiative.com/advisories/ZDI-08-007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0716
https://notcve.org/view.php?id=CVE-2008-0716
The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 allows local users to gain privileges via a "Shatter" style attack. El agente de Symantec Altiris Notification Server en versiones anteriores a la 6.0 SP3 R7 permite a usuarios locales obtener privilegios a través de un ataque estilo "destrozar" (Shatter). • http://secunia.com/advisories/28832 http://securityresponse.symantec.com/avcenter/security/Content/2008.02.06.html http://www.securityfocus.com/bid/27645 http://www.securitytracker.com/id?1019313 http://www.vupen.com/english/advisories/2008/0444 •